Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Sma6200
HWSonicwallwszystkie wersjeSonicwall Sma6200 Firmware
OSSonicwall< 12.4.3-02854Sonicwall Sma6210
HWSonicwallwszystkie wersjeSonicwall Sma6210 Firmware
OSSonicwall< 12.4.3-02854Sonicwall Sma7200
HWSonicwallwszystkie wersjeSonicwall Sma7200 Firmware
OSSonicwall< 12.4.3-02854Sonicwall Sma7210
HWSonicwallwszystkie wersjeSonicwall Sma7210 Firmware
OSSonicwall< 12.4.3-02854Sonicwall Sma8200v
APPSonicwall< 12.4.3-02854Sonicwall Sra Ex6000
HWSonicwallwszystkie wersjeSonicwall Sra Ex6000 Firmware
OSSonicwall≤ 12.4.3-02804Sonicwall Sra Ex7000
HWSonicwallwszystkie wersjeSonicwall Sra Ex7000 Firmware
OSSonicwall≤ 12.4.3-02804Sonicwall Sra Ex9000
HWSonicwallwszystkie wersjeSonicwall Sra Ex9000 Firmware
OSSonicwall≤ 12.4.3-02804
CISA KEV — detailsi
- Vendori
- SonicWall ↗
- Producti
- SMA1000 Appliances
- Added to KEVi
- January 24, 2025
- Remediation deadline (US Federal)i
- February 14, 2025(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.
Related vulnerabilities
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 seri...
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 applianc...
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...